Recently, Synology rolled out a set of updates for other products in their portfolio, namely Photo Station and the DiskStation Manager web-based operating system, fixing more severe vulnerabilities that could grant an attacker full access to the data stored on network attached storage devices. Cloud Station Drive (client) Cloud Station on SRM and the DS cloud app will.
#SYNOLOGY CLOUD STATION CLIENT UPDATE#
As per the CVSS (Common Vulnerability Scoring System) standard, the issue received a rating of 6.8 out of 10.Īll affected users are recommended to update their client to build 3.2-3475 or later as soon as possible. Synology Disk Station DS418 - NAS server - 4 bays - RAID 0, 1, 5, 6, 10. CERT calculated the severity score of the glitch, which is now tracked as CVE-2015-2851. The company said that the impact of the security flaw is low. Synology addressed the issue by releasing an update ( 3.2-3475) to version 3.2-3475 that comes without “client_chown,” whose purpose was to make upgrading of the Cloud Station client easier. “A local standard OS X user may gain ownership over arbitrary system files, which may be leveraged to gain root privileges and fully compromise the host,” explains a security advisory on Tuesday from the CERT (Computer Emergency Readiness Team) division of Carnegie Mellon University. This free PC software was developed to work on Windows 7, Windows 8 or Windows 10 and is compatible with 64-bit systems. The following versions: 1.2 and 1.0 are the most frequently downloaded ones by the program users. Tick the Run Synology Drive Client checkbox to launch the application right away. is available as a free download on our software library. In versions of the client starting 1.1-2291 and up to 3.2-3475, “client_chown” executable is installed with setuid (set-user identification) root permission, meaning that anyone accessing it can modify ownership of the files. During the installation, the wizard will notify you that Synology Drive Client will replace Cloud Station Backup and Cloud Station Drive after the installation, and will ask if you want to continue with the setup. The security weakness, reported by Jeremy Kemp, is not caused by a vulnerability in the code used by the product but by incorrect default permissions granted to an executable in the OS X client that allows users to change ownership of the files in the cloud. Cloud Station is a file sharing service that allows you to synchronize files between a centralized Synology Router and multiple client computers and mobile. It comes with capabilities like file versioning, selective sync, and encryption. Synology Cloud Station is designed as a private cloud solution that can synchronize data across multiple devices (smartphones, computers, tablets) via a local client. The OS X synchronization client for the Cloud Station product from Synology can be used by an attacker to gain root privileges for the storage device and compromise it completely.
0 kommentar(er)
